trickbot

General

Target

ea78baf0919870bb04d001f94905bbb84263f9fd012e81005d6adc3aeb8a73ad
Size

546KB
Sample

220509-azs4pabha5
MD5

ee6c2c0cee1d675d7d54ddd8c55a7d2a
SHA1

b52b89e670bd912540608671d05b0c772a6a14b9
SHA256

ea78baf0919870bb04d001f94905bbb84263f9fd012e81005d6adc3aeb8a73ad
SHA512

76371e407bfb8e3dd0427dbd750efe7c9c79483495dd2ef3bdf160c7c1528caafd05ed4c914dfe76f16632348a59a8ebe6061fd83dec1c9bf4f519bef5d726bb

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000514

Botnet

ono76

C2

51.89.163.40:443

89.223.126.186:443

45.67.231.68:443

148.251.185.165:443

194.87.110.144:443

213.32.84.27:443

185.234.72.35:443

45.89.125.148:443

195.123.240.104:443

185.99.2.243:443

5.182.211.223:443

195.123.240.113:443

85.204.116.173:443

5.152.210.188:443

103.36.48.103:449

36.94.33.102:449

36.91.87.227:449

177.190.69.162:449

103.76.169.213:449

179.97.246.23:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  ea78baf0919870bb04d001f94905bbb84263f9fd012e81005d6adc3aeb8a73ad
- Size
  
  546KB
- MD5
  
  ee6c2c0cee1d675d7d54ddd8c55a7d2a
- SHA1
  
  b52b89e670bd912540608671d05b0c772a6a14b9
- SHA256
  
  ea78baf0919870bb04d001f94905bbb84263f9fd012e81005d6adc3aeb8a73ad
- SHA512
  
  76371e407bfb8e3dd0427dbd750efe7c9c79483495dd2ef3bdf160c7c1528caafd05ed4c914dfe76f16632348a59a8ebe6061fd83dec1c9bf4f519bef5d726bb
Score

10^/10

trickbot ono76 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2